Accepting for a moment that MD5 collisions have been identified. From a commercial aspect I am concerned to ensure the cryptographic security of our ECheque system. Just a thought on the use of MD5. If two signatures are appended to the same document both using MD5, but one either a) Signing all but the last octet of the message ... or b) Signing the whole of the message and signature. Would that not make the determination of useable collisions either impracticable or impossible? I must admit I am inclined to encode additionally the key components of the message (amount paid, to whom) as well as the hash using a Private Key encryption. After all we have at least 60 octets of important data that can be encoded in this manner using one simple encryption sequence, this can cover account credited and amount easily. If someone can collision codge the description I am not desperately concerned. Alternately, could someone please point me at the SHA algorithm.
"John Hemming - CEO MarketNet" writes:
Accepting for a moment that MD5 collisions have been identified. From a commercial aspect I am concerned to ensure the cryptographic security of our ECheque system. [...] Just a thought on the use of MD5. If two signatures are appended to the same document both using MD5, but one either
a) Signing all but the last octet of the message ... or b) Signing the whole of the message and signature.
Would that not make the determination of useable collisions either impracticable or impossible?
Wouldn't it be easier to move to SHA-1?
Alternately, could someone please point me at the SHA algorithm.
I believe SHA-1 (note-- you want the updated version!) is in the latest edition of Schneier, or at least is referenced there. BTW, you are going to have to assume if you are doing real world business that you will be upgrading your algorithms every few years until the end of your application's lifespan. Perry
participants (2)
-
John Hemming - CEO MarketNet -
Perry E. Metzger